If you haven't already, please check out the previous parts of this series.

• Part 1 - All about Bicep & Deploying Bicep Files 

• Part 2 - Deploying Bicep with AZ CLI

• Part 3 - Deploying Bicep with Az PowerShell Module 

• Part 4 - Deploying Bicep with Azure DevOps Pipelines

• Part 5 - You're reading it now!

• Part 6 - Deployment Stacks (coming soon)

• Extra Credit - My Advanced Bicep Guide

Deploying Bicep with GitHub Actions

The Azure team created a GitHub Action called Azure/bicep-deploy. This action supports all the latest features of Bicep deployments. It supports Bicep template files and Bicep parameters files. It supports deploying to all 4 of the ARM Scopes. It supports "what if" deployments. It also supports Deployment Stacks.

Note: there is an older deployment action called Azure/arm-deploy. I only bring this up because this action is now on the deprecation path. I would not recommend using this older action. Stick to the bicep-deploy action, which is the focus of this article.

This article assumes you already know how to work with GitHub Actions and Workflows. This will not be a guide to using GitHub Actions in general. If you'd like more information on that subject, then please see my GitHub Workflows Guide.

Deploying to a Resource Group

This section goes over how to use the action to deploy a Bicep file that has a targetScope set to resourceGroup. Remember, if your Bicep file does not have a targetScope line at the top, then by default, the value of resourceGroup is automatically used. Here are the unique options that apply when doing a Resource Group deployment.

• scope

  • This is required and should be set to resourceGroup

• subscription-id

  • Should be set to the Subscription where the Resource Group is located

  • This is required even though you must also specify a Subscription in the azure/login action

• resource-group-name

  • This is required and should be set to the name of the RG to deploy to

Deploying to a Subscription

This section goes over how to use the action to deploy a Bicep file that has a targetScope set to subscription. Here are the unique options that apply when doing a Subscription deployment.

• scope

  • This is required and should be set to subscription

• subscription-id

  • This is required and should be set to the Subscription to deploy to

• location

  • This is required and should be set to the region where you want to store data about your deployment

Deploying to a Management Group

This section goes over how to use the action to deploy a Bicep file that has a targetScope set to managementGroup. Here are the unique options that apply when doing a Management Group deployment.

• scope

  • This is required and should be set to managementGroup

• management-group-id

  • This is required and should be set to the MG to deploy to

• location

  • This is required and should be set to the region where you want to store data about your deployment

Deploying to a Tenant

This section goes over how to use the action to deploy a Bicep file that has a targetScope set to tenant. Here are the unique options that apply when doing a Tenant deployment.

• scope

  • This is required and should be set to tenant

• tenant-id

  • This is required and should be set to the Tenant to deploy to

• location

  • This is required and should be set to the region where you want to store data about your deployment

Options that are common to all 4 Deployment Scopes

• type 

  • This is required and should be set to deployment

• operation

  • This is required and can be one of create, validate, or whatIf

• name

  • This specifies the name for this deployment. You may need to reference this deployment in the future, so it can be beneficial to use good names here

  • This is optional, and if omitted a default deployment name of 'azure-bicep-deploy' will be used

  • Note: if you use the same deployment name over and over, then you will be restricted to viewing information about the latest deployment only. In other words, new deployments will overwrite the deployment data of old deployments if you use the same deployment name

• template-file

  • Required and should be set to the path to your template file

• parameters-file

  • Path to your parameters file

  • This is optional. Either your deployment doesn't need parameters or you're supplying parameters in a different way

• parameters

  • This lets you specify override parameter values in JSON format

  • Parameter values entered this way take precedence over values supplied with a parameters file

  • This is optional. Either your deployment doesn't need parameters or you're supplying parameters in a different way

• what-if-exclude-change-types

  • Optional. When doing a whatIf operation, this lets you specify the change types to exclude from whatIf

• masked-outputs

  • Optional. Specify which Bicep outputs should have their values masked

Examples of minimal deployment commands

Deployment Stacks

Deployment Stacks are supported with this action starting from v1.

Please see Part 6 (coming soon) for more information on Deployment Stacks.

Well, that covers most of the basics of deploying Bicep files with the bicep-deploy GitHub Action. There are still a lot of details that I didn't expand upon in this article. For example, there are other ways to define your Bicep template, such as Template Specs and Template URIs. Make sure to read the action's documentation for more information.

The next part in this series will cover Deployment Stacks.

My Bicep Deployment Series:

• Part 1 - All about Bicep & Deploying Bicep Files 

• Part 2 - Deploying Bicep with AZ CLI

• Part 3 - Deploying Bicep with Az PowerShell Module 

• Part 4 - Deploying Bicep with Azure DevOps Pipelines

• Part 5 - You're reading it now!

• Part 6 - Deployment Stacks (coming soon)

• Extra Credit - My Advanced Bicep Guide